Updated misc/py-carddav to 0.7.0nb1

(wiz)

Add missing py-xdg dependency. Bump PKGREVISION.

(wiz)

py-Pillow is better.

(obache)

+ Pillow-2.4.0

(obache)

Updated graphics/py-Pillow to 2.3.1

(obache)

Update py-Pillow to 2.3.1.

Changelog (Pillow)
==================

2.3.1 (2014-03-14)
------------------
- Fix insecure use of tempfile.mktemp (CVE-2014-1932 CVE-2014-1933)
  [wiredfool]

(obache)

Pullup ticket #4363.

(tron)

Pullup ticket #4363 - requested by obache
graphics/jbigkit: security update

Revisions pulled up:
- graphics/jbigkit/Makefile                                    1.6
- graphics/jbigkit/distinfo                                    1.5
- graphics/jbigkit/patches/patch-Makefile                      1.2
- graphics/jbigkit/patches/patch-aa                            1.4
- graphics/jbigkit/patches/patch-ab                            1.5

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Thu Apr 10 12:04:16 UTC 2014

  Modified Files:
  pkgsrc/graphics/jbigkit: Makefile distinfo
  pkgsrc/graphics/jbigkit/patches: patch-Makefile patch-aa patch-ab

  Log Message:
  Update jbigkit to 2.1.

  Changes in version 2.1 (2014-04-08)

  This is a security-critical bug-fix release that remains API and ABI
  backwards compatible to version 2.0. Users who process BIE data from
  untrusted sources should upgrade.

    - fixed a buffer-overflow vulnerability in the jbig.c decoder,
      reported by Florian Weimer (Red Hat): CVE-2013-6369

    - fixed ability of corrupted input data to force jbig85.c decoder
      into an end-less loop

    - fixed a bug in the processing of private deterministic-prediction
      tables (DPPRIV=3D1) in jbig.c decoder

    - fixed integer-type mismatches in printf arguments on 64-bit systems

    - fuzz-testing script added

(tron)

Updated multimedia/ffmpeg2 to 2.2.1

(adam)

Changes 2.2.1:
* avcodec/dirac_arith: Fix build with PIC and stack-check options
* swscale/x86/swscale_template: loose hardcoded dstw_offset
* swresample/resample: use av_malloc_array() where appropriate
* swresample/dither: use av_malloc_array()
* swresample/resample: Limit filter length
* avcodec/msrle: check return code for success before use
* avcodec/pthread_frame: fix missing unlock on error
* examples/avio_reading: fix null dereference on error
* avformat/omadec: fix probetest failure
* avcodec/wma: use av_freep(), do not leave stale pointers in memory
* lavu/opt: validate range before dereference
* avcodec/h264: clear cur_pic structure instead of duplicating it in ff_h264_update_thread_context()
* avfilter/vf_pullup: fix gray8
* avcodec/libx264: move where x264opts is applied down so it isnt overridden by avctx & defaults

(adam)

Updated www/p5-Dancer2 to 0.12

(wen)

Update to 0.12

Upstream changes:
0.12      2014-04-07 22:42:12 Europe/Amsterdam

    [ ENHANCEMENTS ]
    * GH#518: Bump jQuery to 1.10.2 (Grzegorz Ro偶niecki).
    * GH#535: Support OPTIONS and PATCH requests in Server::Standalone.
      (Russell Jenkins)
    * GH#553: Dancer2 CLI: specify directory to write app skeleton
      (Jean Stebens)
    * GH#543: Additional HTTP Methods for Ajax plugin (Jean Stebens).

    [ DOCUMENTATION ]
    * RT#91428: POD encoding set to UTF-8 in main .pm (Gregor Herrmann).
    * GH#517: Miscellaneous documentation fixes (Cesare Gargano).
    * GH#518: "Getting started" demo page fixes (Grzegorz Ro偶niecki).
    * GH#522: s/PerlHandler/PerlResponseHandler/ in Apache2 sample configuration
      (Grzegorz Ro偶niecki)
    * GH#521: Remove duplicated POD and clean up list details (Shlomi Fish)
    * GH#526: Cleanup POD formating and code snippets in manual.
      (Grzegorz Ro偶niecki)

    [ BUG FIXES ]
    * GH#528,529: Force PSGI server in dispatch scripts for CGI or fcgi
      deployments (Erik Smit, Alberto Sim玫es)
    * GH#550,GH#551: Update all headers in Handler::File
      (Sawyer X, Stefan @racke Hornburg)
    * GH#540: Fix hook execution when default scalar was used in hook code.
      (baynes, Russell Jenkins)
    * GH#552: Rework test suite to use Plack::Test
      (Sawyer X, Stefan @racke Hornburg)
    * GH#560: Return value of hooks do not alter response content.
      (Jean Stebens)

(wen)

Updated graphics/jbigkit to 2.1

(obache)

Update jbigkit to 2.1.

Changes in version 2.1 (2014-04-08)

This is a security-critical bug-fix release that remains API and ABI
backwards compatible to version 2.0. Users who process BIE data from
untrusted sources should upgrade.

  - fixed a buffer-overflow vulnerability in the jbig.c decoder,
    reported by Florian Weimer (Red Hat): CVE-2013-6369

  - fixed ability of corrupted input data to force jbig85.c decoder
    into an end-less loop

  - fixed a bug in the processing of private deterministic-prediction
    tables (DPPRIV=1) in jbig.c decoder

  - fixed integer-type mismatches in printf arguments on 64-bit systems

  - fuzz-testing script added

(obache)

stunnel-5.01

(obache)

Updated www/firefox to 28.0nb2

(martin)

Make the custom memory allocator in the JS engine deal with sparc64
TOPDOWN_VM (already reported upstream).

(martin)

Sort.

(wiz)

Remove inclusion of non-existing x265 buildlink3.mk file until it's added.

(wiz)

Remove unused patch after update.

(wiz)

recursive bump from ilmbase shlib version change.

(obache)

recursive bump from x264-devel build number change (i.e. API change)

(obache)

recursive bump from x264-devel builld number change (i.e. API change).

(obache)

Don't enable "dtrace" support by default under Solaris 10. It doesn't
build for me on an UltraSPARC system.

(tron)

Note update of the "phpmyadmin" package to version 4.1.12.

(tron)

Update "phpmyadmin" package to version 4.1.12. The following bugs were
fixed since version 4.1.9:
- bug #4334 Add event : datepicker won't open
- bug #4338 Fix missing value error while executing SQL query
- TCPDF library is now optional dependency
- bug #4326 Cannot find the import plugins which start with uppercase 'I'
- bug #4301 Grid edit: "SELECT" query is replaced by "UPDATE" query after edit
- bug #4278 reCaptcha re-login requires double effort
- bug #4324 Datepicker not showing up on insert page
- bug #3991 Problem selecting item in select boxes with the ENTER keystroke
            in some browsers
- bug #4323 QueryWindow ignores CodeMirror
- bug      None of the live charts shown on "Status -> Monitor" (Chrome)

(tron)

Added fonts/inconsolata-g version 20090213

(wiz)

+ inconsolata-g

(wiz)

Import inconsolata-g-20090213 as fonts/inconsolata-g.

Inconsolata is a mono-space, sans-serif font.
This is a modified version with the following changes:
- Single and double quotes ' and " are now straight
- , . ' are a bit more visible
- The ^ is a bit wider
- The curved upper leg of the lower case r is a bit more visible
- The zero is not slashed but dotted
- Numbers are a bit larger (keeping the font non proportional)
- The symbol minus - is a bit lower
- [] are now about as tall as () and {}
- The font is bigger than Inconsolata

(wiz)

+ glusterfs-3.4.3, libxmp-4.2.6, mame-0.153, mess-0.153, midori-0.5.8,
  openmpi-1.8.0, roundcube-1.0.0 [wait for fix for
  http://trac.roundcube.net/ticket/1489729], tea-37.2.1, xine-lib-1.2.5.

(wiz)

Pullup tickets #4357, #4358, #4361 and #4362.

(tron)

Pullup ticket #4362 - requested by obache
multimedia/adobe-flash-plugin11: security update

Revisions pulled up:
- multimedia/adobe-flash-plugin11/Makefile                      1.27
- multimedia/adobe-flash-plugin11/distinfo                      1.25

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Wed Apr  9 05:24:05 UTC 2014

  Modified Files:
  pkgsrc/multimedia/adobe-flash-plugin11: Makefile distinfo

  Log Message:
  Update adobe-flash-plugin11 to 11.2.202.350 for APSB14-09.

(tron)

Pullup ticket #4361 - requested by ryoon
www/apache-tomcat7: security update

Revisions pulled up:
- www/apache-tomcat7/Makefile                                  1.18
- www/apache-tomcat7/PLIST                                      1.10
- www/apache-tomcat7/distinfo                                  1.12

---
  Module Name: pkgsrc
  Committed By: ryoon
  Date: Tue Apr  8 20:14:55 UTC 2014

  Modified Files:
  pkgsrc/www/apache-tomcat7: Makefile PLIST distinfo

  Log Message:
  Update to 7.0.53

  * Fix CVE-2014-0050 and CVE-2013-4590,

  Changelog:
  Tomcat 7.0.53 (violetagg)

      Catalina

          add Make it easier for applications embedding and/or extending =
  Tomcat to modify the javaseClassLoader attribute of the WebappClassLoad=
  er. (markt)
          fix Improve the robustness of web application undeployment base=
  d on some code analysis triggered by the report for 54315. (markt)
          fix 56219: Improve merging process for web.xml files to take ac=
  count of the elements and attributes supported by the Servlet version o=
  f the merged file. (markt)
          fix 56190: The response should be closed (i.e. no further outpu=
  t is permitted) when a call to AsyncContext.complete() takes effect. (m=
  arkt)
          fix 56236: Enable Tomcat to work with alternative Servlet and J=
  SP API JARs that package the XML schemas in such as way as to require a=
    dependency on the JSP API before enabling validation for web.xml. Tomc=
  at has no such dependency. (markt)
          fix 56246: Fix NullPointerException in MemoryRealm when authent=
  icating an unknown user. (markt)
          fix 56248: Allow the deployer to update an existing WAR file wi=
  thout undeploying the existing application if the update flag is set. T=
  his allows any existing custom context.xml for the application to be re=
  tained. To update an application and remove any existing context.xml si=
  mply undeploy the old version of the application before deploying the n=
  ew version. (markt)
          fix Redefine the globalXsltFile initialisation parameter of the=
    DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf=
  . Prevent user supplied XSLTs used by the DefaultServlet from defining =
  external entities. (markt)
          add Add a work around for validating XML documents (often TLDs)=
    that use just the file name to refer to refer to the JavaEE schema on =
  which they are based. (markt)
          fix 56293: Cache resources loaded by the class loader from /MET=
  A-INF/services/ for better performance for repeated look ups. (markt)

      Coyote

          fix 53119: Make sure the NIO AJP output buffer is cleared on an=
  y error to prevent any possible overflow if it is written to again befo=
  re the connection is closed. This extends the original fix for the APR/=
  native output buffer to the NIO connector. (kkolinko)
          fix 56172: Avoid possible request corruption when using the AJP=
    NIO connector and a request is sent using more than one AJP message. P=
  atch provided by Amund Elstad. (markt)
          fix 56213: Reduce garbage collection when the NIO connector is =
  under heavy load. (markt)
          fix Improve processing of chuck size from chunked headers. Avoi=
  d overflow and use a bit shift instead of a multiplication as it is mar=
  ginally faster. (markt/kkolinko)
          fix Fix possible overflow when parsing long values from a byte =
  array. (markt)

      Jasper

          fix 54475: Add Java 8 support to SMAP generation for JSPs. Patc=
  h by Robbie Gibson. (markt)
          fix 55483: Improve handing of overloaded methods and constructo=
  rs in expression language implementation. (markt)
          fix 56208: Restore the validateXml option to Jasper that was pr=
  eviously renamed validateTld. Both options are now supported. validateX=
  ml controls the validation of web.xml files when Jasper parses them and=
    validateTld controls the validation of *.tld files when Jasper parses =
  them. (markt)
          fix 56223: Throw an IllegalStateException if a call is made to =
  ServletContext.setInitParameter() after the ServletContext has been ini=
  tialized. (markt)
          fix 56265: Do not escape values of dynamic tag attributes conta=
  ining EL expressions. (kkolinko)
          fix Make the default compiler source and target versions for JS=
  Ps Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt)
          update 56283: Update to the Eclipse JDT Compiler P20140317-1600=
    which adds support for Java 8 syntax to JSPs. Add support for value "1=
  .8" for the compilerSourceVM and compilerTargetVM options. (markt)

      WebSocket

          fix Avoid a possible deadlock when one thread is shutting down =
  a connection while another thread is trying to write to it. (markt)
          fix Call onError if an exception is thrown calling onClose when=
    closing a session. (remm)

      Web applications

          code In the documentation: add support for several documentatio=
  n tags from Tomcat 8. Such as <version-major/>. (kkolinko)
          add 56093: Add the SSL Valve to the documentation web applicati=
  on. (markt)
          fix 56217: Improve readability by using left alignment for the =
  table cell containing the request information on the Manager applicatio=
  n status page. (markt)
          fix Fixed java.lang.NegativeArraySizeException when using "Expi=
  re sessions" command in the manager web application on a context where =
  the session timeout is disabled. (kfujino)
          fix Add support for LAST_ACCESS_AT_START system property to Man=
  ager web application. (kfujino)
          fix Add definition of org.apache.catalina.ant.FindLeaksTask. (k=
  fujino)
          fix 56273: If the Manager web application does not perform an o=
  peration because the web application is already being serviced, report =
  an error rather than reporting success. (markt)
          fix 56304: Add a note to the documentation about not using WebS=
  ocket with BIO HTTP in production. (markt)

      Other

          fix 56143: Improve service.bat so that it can be launched from =
  a non-UAC console. This includes using a single call to tomcat7.exe to =
  install the Windows service rather than three calls, and using command =
  line arguments instead of environment variables to pass the settings. (=
  markt/kkolinko)
          fix Fix regression in 7.0.52: when using service.bat install to=
    install the service the values for --StdOutput, --StdError options wer=
  e passed as blank instead of "auto". (kkolinko)
          fix Align options between service.bat and exe Windows installer=
  . For service.bat the changes are in --Classpath, --DisplayName, --Star=
  tPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmM=
  x options, which are now 128 Mb and 256 Mb respectively instead of bein=
  g empty. Explicitly specify --LogPath path when uninstalling Windows se=
  rvice, avoiding default value for that option. (kkolinko)
          code Simplify Windows *.bat files: remove %OS% checks, as java =
  6 does not run on ancient non-NT operating systems. (kkolinko)
          fix 56137: Explicitly use the BIO connector in the SSL example =
  in server.xml so it doesn't break if APR is enabled. (markt)
          fix 56139: Avoid a web application class loader leak in some un=
  it tests when running on Windows. (markt)
          fix Correct build script to avoid building JARs with empty pack=
  ages. (markt)
          add Allow to limit JUnit test run to a number of selected test =
  case methods. (kkolinko)
          fix 56189: Remove used file cpappend.bat from the distribution.=
    (markt)

  Tomcat 7.0.52 (violetagg) released 2014-02-17

      Catalina

          fix Generate a valid root element for the effective web.xml for=
    a web application for all supported versions of web.xml. (markt)

      Coyote

          code Pull up SocketWrapper to AbstractProcessor. (markt)
          fix In some circumstances asynchronous requests could time out =
  too soon. (markt)

  Tomcat 7.0.51 (violetagg) not released

      Catalina

          fix 55287: ServletContainerInitializer defined in the container=
    may not be found. (markt/jboynes)
          fix 55855: Provide a per Context option (containerSciFilter) to=
    exclude container SCIs. (markt)
          fix 55937: When deploying applications, treat a context path of=
    /ROOT as equivalent to /. (markt)
          fix 55943: Improve the implementation of the class loader check=
    that prevents web applications from trying to override J2SE implementa=
  tion classes. As part of this fix, refactor the way a null parent class=
    loader is handled which enables a number of null checks and object cre=
  ation calls to be removed. (markt)
          fix 55958: Differentiate between foo.war the WAR file and foo.w=
  ar the directory. (markt)
          fix 55960: Improve the single sign on (SSO) unit tests. Patch p=
  rovided by Brian Burch. (markt)
          fix 55974: Retain order when reporting errors and warnings whil=
  e parsing XML configuration files. (markt)
          fix 56013: Fix issue with SPNEGO authentication when using IBM =
  JREs. IBM JREs only understand the option of infinite lifetime for Kerb=
  eros credentials. Based on a patch provided by Arunav Sanyal. (markt)
          fix 56016: When loading resources for XML schema validation, ta=
  ke account of the possibility that servlet-api.jar and jsp-api.jar may =
  not be loaded by the same class loader. Patch by Juan Carlos Estibariz.=
    (markt)
          fix 56025: When creating a WebSocket connection, always call Se=
  rverEndpointConfig.Configurator.getNegotiatedSubprotocol() and always c=
  reate the EndPoint instance after calling ServerEndpointConfig.Configur=
  ator.modifyHandshake(). (markt)
          fix 56032: Ensure that the WebSocket connection is closed after=
    an IO error or an interrupt while sending a WebSocket message. (markt)=

          fix 56042: If a request in async mode has an error but has alre=
  ady been dispatched don't generate an error page in the ErrorReportValv=
  e so the dispatch target can handle it. (markt)
          fix Add missing javax.annotation.sql.* classes to annotations-a=
  pi.jar. (markt)
          fix The type of logger attribute of Context MBean should be not=
    org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfuji=
  no)
          fix 56082: Fix a concurrency bug in JULI's LogManager implement=
  ation. (markt)
          fix 56096: When the attribute rmiBindAddress of the JMX Remote =
  Lifecycle Listener is specified it's value will be used when constructi=
  ng the address of a JMX API connector server. Patch is provided by Jim =
  Talbut. (violetagg)
          fix When environment entry with one and the same name is define=
  d in the web deployment descriptor and with annotation then the one spe=
  cified in the web deployment descriptor is with priority. (violetagg)
          fix Change default value of xmlBlockExternal attribute of Conte=
  xt. It is true now. (kkolinko)

      Coyote

          fix Avoid possible NPE if a content type is specified without a=
    character set. (markt)
          fix 55956: Make the forwarded remote IP address available to th=
  e Connectors via a request attribute. (markt)
          fix 55976: Fix sendfile support for the HTTP NIO connector. (ma=
  rkt)
          fix 55996: Ensure Async requests timeout correctly when using t=
  he NIO HTTP connector. (markt)
          add 56021: Make it possible to use the Windows-MY key store wit=
  h the BIO and NIO connectors for SSL configuration. It requires a keyst=
  oreFile=3D"" keystoreType=3D"Windows-My" to be set on the connector. Ba=
  sed on a patch provided by Asanka. (markt)

      Jasper

          fix Correct a regression in the XML refactoring that meant that=
    errors in TLD files were swallowed. (markt)
          fix 55671: Correct typo in the log message for a wrong value of=
    genStringAsCharArray init-param of JspServlet. This parameter had a di=
  fferent name in Tomcat 6. (kkolinko)
          fix 55973: Fix processing of XML schemas when validation is ena=
  bled in Jasper. (kkolinko)
          fix 56010: Don't throw an IllegalArgumentException when JspFact=
  ory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a pa=
  tch by Eugene Chung. (markt)
          fix 56012: When using the extends attribute of the page directi=
  ve do not import the super class if it is in an unnamed package as impo=
  rts from unnamed packages are now explicitly illegal. (markt)
          fix 56029: A regression in the fix for 55198 meant that when EL=
    containing a ternary expression was used in an attribute a compilation=
    error would occur for some expressions. (markt)
          fix Correct several errors in jspxml Schema and DTD. (kkolinko)=

          fix Change default value of the blockExternal attribute of JspC=
    task. The default value is true. Add support for -no-blockExternal swi=
  tch when JspC is run as a standalone application. (kkolinko)

      Cluster

          code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createM=
  anager(String). Remove unnecessary class cast. (kfujino)

      WebSocket

          fix Do not return an empty string for the Sec-WebSocket-Protoco=
  l HTTP header when no sub-protocol has been requested or no sub-protoco=
  l could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol he=
  ader is returned in this case. (markt)

      Web applications

          fix Add index.xhtml to the welcome files list for the examples =
  web application. (kkolinko)
          fix Clarify that the connectionTimeout may also be used as the =
  read timeout when reading a request body (if any) in the documentation =
  web application. (markt)
          fix Clarify the behaviour of the maxConnections attribute for a=
    connector in the documentation web application. (markt)
          fix 55888: Update the documentation web application to make it =
  clearer that a Container may define no more than one Realm. (markt)
          fix 55956: Where available, displayed the forwarded remote IP a=
  ddress available on the status page of the Manager web application. (ma=
  rkt)
          fix Correct links to the Tomcat mailing lists in the ROOT web a=
  pplication. (kkolinko)
          fix In Manager web application improve handling of file upload =
  errors. Display a message instead of error 500 page. Simplify parts han=
  dling code, as it is known that Tomcat takes care of them when recyclin=
  g a request. (kkolinko)

      Extras

          fix 55166, 56045: Copy the XML schemas used for validation that=
    are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tom=
  cat instance can start without Jasper being available. This also enable=
  s validation to work without Jasper being available. (markt/kkolinko)
          fix 56039: Enable the JmxRemoteLifecycleListener to work over S=
  SL. Patch by esengstrom. (markt)

      Other

          fix 55743: Enable the stop script to work when the shutdown por=
  t is disabled and a PID file is defined. This is only available on plat=
  forms that use catalina.sh. (markt)
          fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PI=
  D, the catalina.sh script could incorrectly report that Tomcat had not =
  yet completely stopped when it had. Based on a patch by jess. (markt)
          fix Package correct license and notice files with embedded JARs=
  . (markt)
          code Remove svn keywords (such as $Id) from source files and do=
  cumentation. (kkolinko)
          fix Fix CVE-2014-0050, a denial of service with a malicious, ma=
  lformed Content-Type header and multipart request processing. Fixed by =
  merging latest code (r1565163) from Commons FileUpload. (markt)
          fix 56115: Expose the httpusecaches property of Ant's get task =
  as some users may need to change the default. Based on a suggestion by =
  Anthony. (markt)

  Tomcat 7.0.50 (violetagg) released 2014-01-08

      Catalina

          fix Handle the case where a context.xml file is added to a web =
  application deployed from a directory. Previously the file was ignored =
  until Tomcat was restarted. Now (assuming automatic deployment is enabl=
  ed) it will trigger a redeploy of the web application. (markt)
          fix Fix string comparison in HostConfig.setContextClass(). (kko=
  linko)
          code Streamline handling of WebSocket messages when no handler =
  is configured for the message currently being received. (markt)
          fix Handle the case where a WebSocket annotation configures a m=
  essage size limit larger than the default permitted by Tomcat. (markt)
          fix 55855: This is a partial fix that bypasses the relatively e=
  xpensive check for a WebSocket upgrade request if no WebSocket endpoint=
  s have been registered. (markt)
          fix 55905: Prevent a NPE when web.xml references a taglib file =
  that does not exist. Provide better error message. (violetagg)

      Coyote

          fix When using the BIO connector with an internal executor, do =
  not display a warning that the executor has not shutdown as the default=
    configuration for BIO connectors is not to wait. This is because threa=
  ds in keep-alive connections cannot be interrupted and therefore the wa=
  rning was nearly always displayed. (markt)

      Jasper

          fix JspC uses servlet context initialization parameters to pass=
    configuration so ensure that the servlet context used supports initial=
  ization parameters. (markt)

      Cluster

          fix In AbstractReplicatedMap#finalize, remove rpcChannel from c=
  hannel Listener of group channel before sending MapMessage.MSG_STOP mes=
  sage. This prevents that the node that sent the MapMessage.MSG_STOP by =
  normal shutdown is added to member map again by ping at heartbeat threa=
  d in the node that received the MapMessage.MSG_STOP. (kfujino)
          fix Add time stamp to GET_ALL_SESSIONS message. (kfujino)

      Web applications

          fix Fix the sample configuration of StaticMembershipInterceptor=
    in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

      Extras

          update Update dependencies that are used to build tomcat-juli e=
  xtras component. Apache Avalon Framework is updated to version 4.1.5, A=
  pache Log4J to version 1.2.17. (rjung)

  Tomcat 7.0.49 (violetagg) not released

      Catalina

          fix Correct a regression in the new XML local resolver that tri=
  ggered false failures when XML validation was configured. (markt)
          fix Prevent a NPE when destroying HTTP upgrade handler for WebS=
  ocket connections. (violetagg)

  Tomcat 7.0.48 (violetagg) not released

      Catalina

          add 51294: Add support for unpacking WARs located outside of th=
  e Host's appBase in to the appBase. (markt)
          fix 55656: Configure the Digester to use the server class loade=
  r when parsing server.xml rather than the class loader that loaded Stan=
  dardServer. Patch provided by Roberto Benedetti. (markt)
          fix 55664: Correctly handle JSR 356 WebSocket Encoder, Decoder =
  and MessageHandler implementations that use a generic type such as Enco=
  der.Text<List<String>>. Includes a test case by Niki Dokovski. (markt)
          fix Correctly handle WebSocket Encoders, Decoders and MessageHa=
  ndlers that use arrays of generic types. (markt)
          fix 55681: Ensure that the WebSocket session is made available =
  to MessageHandler method calls. (markt)
          fix Updated servlet spec version and documentation section-numb=
  er reported when JAR files are rejected for containing a trigger class =
  (e.g. javax.servlet.Servlet). (schultz)
          add Modify the WebSocket handshake process so that the user pro=
  perties Map exposed by the ServerEndpointConfig during the call to Conf=
  igurator.modifyHandshake() is unique to the connection rather than shar=
  ed by all connections associated with the Endpoint. This allows for eas=
  ier configuration of per connection properties from within modifyHandsh=
  ake(). (markt)
          fix 55684: Log a warning but continue if the memory leak detect=
  ion code is unable to access all threads to check for possible memory l=
  eaks when a web application is stopped. (markt)
          fix Define the web-fragment.xml in tomcat7-websocket.jar as a S=
  ervlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (mar=
  kt)
          fix 55715: Add a per web application executor to the WebSocket =
  implementation and use it for calling SendHandler.onResult() when there=
    is a chance that the current thread also initiated the write. (markt)
          fix Prevent file descriptors leak and ensure that files are clo=
  sed when configuring the web application. (violetagg)
          fix Fixed the name of the provider-configuration file located i=
  n tomcat7-websocket.jar!/META-INF/services that exposes information for=
    javax.websocket.server.ServerEndpointConfig$Configurator implementatio=
  n. (violetagg)
          fix 55760: Remove the unnecessary setting of the javax.security=
  .auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as=
    in addition to it being unnecessary, it causes problems with using SPN=
  EGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt)
          fix 55772: Ensure that the request and response are recycled af=
  ter an error during asynchronous processing. Includes a test case based=
    on code contributed by Todd West. (markt)
          fix 55778: Add an option to the JNDI Realm to control the QOP u=
  sed for the connection to the LDAP server after authentication when usi=
  ng SPNEGO with delegated credentials. This value is used to set the jav=
  ax.security.sasl.qop environment property for the LDAP connection. (mar=
  kt)
          fix 55798: Log an error if the MemoryUserDatabase is unable to =
  find the specified user database file. (markt)
          fix 55799: Correctly enforce the restriction in JSR356 that no =
  more than one data message may be sent to a remote WebSocket endpoint a=
  t a time. (markt)
          fix When Catalina parses TLD files, always use a namespace awar=
  e parser to be consistent with how Jasper parses TLD files. The tldName=
  spaceAware attribute of the Context is now ignored. (markt)
          fix Deprecate the tldNamespaceAware Context attribute as TLDs a=
  re always parsed with a namespace aware parser. (markt)
          fix Correct a logic error that meant that unpackWARs was ignore=
  d and the WAR was always expanded if a WAR failed to deploy. (markt)
          add Add support for defining copyXML on a per Context basis. (m=
  arkt)
          fix Define the expected behaviour of the automatic deployment a=
  nd align the implementation to that definition. (markt)
          add When running under a security manager, change the default v=
  alue of the Host's deployXML attribute to false. (markt)
          add If a Host is configured with a value of false for deployXML=
  , a web application has an embedded descriptor at META-INF/context.xml =
  and no explicit descriptor has been defined for this application, do no=
  t allow the application to start. The reason for this is that the embed=
  ded descriptor may contain configuration necessary for secure operation=
    such as a RemoteAddrValve. (markt)
          fix Prevent an NPE in the WebSocket ServerContainer when proces=
  sing an HTTP session end event. (markt)
          add 55801: Add the ability to set a custom SSLContext to use fo=
  r client wss connections. Patch provided by Maciej Lypik. (markt)
          fix 55804: If the GSSCredential for the cached Principal expire=
  s when using SPNEGO authentication, force a re-authentication. (markt)
          add 55811: If the main web.xml contains an empty absolute-order=
  ing element and validation of web.xml is not enabled, skip parsing any =
  web-fragment.xml files as the result is never used. (markt)
          fix 55839: Extend support for digest prefixes {MD5}, {SHA} and =
  {SSHA} to all Realms rather than just the JNDIRealm. (markt)
          fix 55842: Ensure that if a larger than default response buffer=
    is configured that the full buffer is used when a Servlet outputs via =
  a Writer. (markt)
          fix 55851: Further fixes to enable SPNEGO authentication to wor=
  k with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
          add Fix CVE-2013-4590: Add an option to the Context to control =
  the blocking of XML external entities when parsing XML configuration fi=
  les and enable this blocking by default when a security manager is used=
  . The block is implemented via a custom resolver to enable the logging =
  of any blocked entities. (markt)

      Coyote

          code Implement a number of small refactorings to the APR/native=
    handler for upgraded HTTP connections. (markt)
          fix Fix an issue with upgraded HTTP connections over HTTPS (e.g=
  . secure WebSocket) when using the APR/native connector that resulted i=
  n the unexpected closure of the connection. (markt)
          fix Ensure that the application class loader is used when calli=
  ng the ReadListener and WriteListener methods when using non-blocking I=
  O. A side effect of not doing this was that JNDI was not available when=
    processing WebSocket events. (markt)
          add Make the time that the internal executor (if used) waits fo=
  r request processing threads to terminate before continuing with the co=
  nnector stop process configurable. (markt)
          fix 55749: Improve the error message when SSLEngine is disabled=
    in the AprLifecycleListener and SSL is configured for an APR/native co=
  nnector. (markt)
          add If a request that includes an Expect: 100-continue header r=
  eceives anything other than a 2xx response, close the connection This p=
  rotects against misbehaving clients that may not sent the request body =
  in that case and send the next request instead. (markt)
          fix Improve the parsing of trailing headers in HTTP requests. (=
  markt)

      Jasper

          fix 55735: Fix a regression caused by the fix to 55198. When pr=
  ocessing JSP documents, attributes in XML elements that are template co=
  ntent should have their text xml-escaped, but output of EL expressions =
  in them should not be escaped. (markt)
          fix 55807: The JSP compiler used a last modified time of -1 for=
    TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expans=
  ion) when creating the dependency list for JSPs that used that TLD. Thi=
  s meant JSPs using that TLD were recompiled on every access. (markt)

      Cluster

          add Add log message that initialization of AbstractReplicatedMa=
  p has been completed. (kfujino)
          fix The logger of AbstractReplicatedMap should be non-static in=
    order to enable logging of each application. Side-effects of this chan=
  ge is to throw RuntimeException in MapMessage#getKey() and getValue() i=
  nstead of Null return and error log. (kfujino)
          code Simplify the code of DeltaManager#startInternal(). Reduce =
  unnecessary nesting for acquisition of cluster instance. (kfujino)
          fix Remove unnecessary attributes of stateTransferCreateSendTim=
  e and receiverQueue from cluster manager template. These attributes sho=
  uld not be defined as a template. (kfujino)
          fix Fix MBean attribute definition of stateTransfered. The meth=
  od name is not isStateTransfered() but getStateTransfered(). (kfujino)
          fix Correct stop failure log of cluster. Failure cause is not o=
  nly Valve. (kfujino)
          fix Remove unnecessary sleep when sending session blocks on ses=
  sion sync phase. (kfujino)
          fix Expose stateTimestampDrop of org.apache.catalina.ha.session=
  .DeltaManager via JMX. (kfujino)
          fix When the ping timeouted, make sure that memberDisappeared m=
  ethod is not called by specifying the members that has already been rem=
  oved. (kfujino)
          add Add log message of session relocation when member disappear=
  ed. (kfujino)
          fix If ping message fails, prevent wrong timeout detection of n=
  ormal member that is no failure members. (kfujino)

      Web applications

          add Add some documentation on the SSL configuration options for=
    WebSocket clients. (markt)
          add Add to cluster document a description of notifyLifecycleLis=
  tenerOnFailure and heartbeatBackgroundEnabled. (kfujino)
          fix Update the documentation with information for WebSocket 1.0=
    specification and javadoc. (violetagg)
          fix 55703: Clarify the role of the singleton attribute for JNDI=
    resource factories. (markt)
          fix 55746: Add documentation on the allRolesMode to the Combine=
  dRealm and LockOutRealm. Patch by C=E9dric Couralet. (markt)
          add Expand the information on web applications that ship as par=
  t of Tomcat in the security how-to section of the documentation web app=
  lication. (markt)
          fix Expand the description of the WebSocket buffers in the docu=
  mentation web application to clarify their purpose. (markt)
          add Correct the documentation for Cluster manager. (kfujino)
          add Add information on how to configure integrated Windows auth=
  entication when Tomcat is running on a non-Windows host. (markt)

      Extras

          update Update commons-logging to version 1.1.3. (rjung)

      Other

          add 52323: Add support for the Cobertura code coverage tool whe=
  n running the unit tests. Based on a patch by mhasko. (markt/kkolinko)
          update Update sample Eclipse IDE project. Explicitly use a Java=
    6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they ca=
  nnot be compiled with Java 6. (kkolinko)
          update Update the Eclipse compiler to 4.3.1. (kkolinko/markt)

(tron)

Pullup ticket #4358 - requested by taca
www/contao32: security update

Revisions pulled up:
- www/contao/Makefile.common                                    1.64
- www/contao32/distinfo                                        1.10
- www/contao32/patches/patch-system_bin_sqldump                1.2

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Apr  7 13:30:06 UTC 2014

  Modified Files:
  pkgsrc/www/contao: Makefile.common
  pkgsrc/www/contao32: distinfo
  pkgsrc/www/contao32/patches: patch-system_bin_sqldump

  Log Message:
  Update contao32 to 3.2.9.

  Version 3.2.9 (2014-04-07)
  --------------------------

  ### Fixed
  Fixed a critical vulnerability of the install tool (see #6855).

  ### Fixed
  Filter disabled groups in the registration module in the front end (see #6757).

  ### Fixed
  Work around a bug in SimplePie with the "skip items" option (see #6107).

  ### Fixed
  Fix the Swipe "continuous" option if there are exactly two slides (see #6812).

  ### Fixed
  Apply `addslashes()` to strings in the `Config` class (see #6808).

  ### Fixed
  Do not empty all fallback fields in sorting mode 4 (see #6498).

  ### Fixed
  Do not allow template names to be longer than the DB fields (see #6819).

  ### Fixed
  Correctly set the start time of a multi-day event (see #6802).

  ### Fixed
  Correctly handle OR queries in the listing module (see #6344).

  ### Fixed
  Use a monospaced font for the plain text newsletter preview (see #6790).

  ### Fixed
  Adjust the `vScrollTo()` offset if the paste hint is visible (see #6478).

(tron)

Pullup ticket #4357 - requested by taca
www/contao211: security update

Revisions pulled up:
- www/contao/Makefile.common                                    1.63
- www/contao211/Makefile                                        1.15
- www/contao211/distinfo                                        1.22

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Mon Apr  7 13:27:56 UTC 2014

  Modified Files:
  pkgsrc/www/contao: Makefile.common
  pkgsrc/www/contao211: Makefile distinfo

  Log Message:
  Update contao211 to 2.11.17.

  Version 2.11.17 (2014-04-07)
  ----------------------------

  ### Fixed
  Fixed a critical vulnerability of the install tool (see #6855).

(tron)

Pullup ticket #4359 - requested by obache
security/openssl: build fix

Revisions pulled up:
- security/openssl/distinfo                                    1.105

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Tue Apr  8 23:58:03 UTC 2014

  Modified Files:
  pkgsrc/security/openssl: distinfo

  Log Message:
  removed obsolated patche entries.

(tron)

recursive bump from icu shlib major bump.

(obache)

Update `used by...' comments.

(obache)

mail/thnderbird/Makefile is using www/firefox24/mozilla-common.mk now.

(obache)

Disable integrated assembler for clang.
See e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=982693

(wiz)

Updated multimedia/adobe-flash-plugin11 to 11.2.202.350

(obache)

Update adobe-flash-plugin11 to 11.2.202.350 for APSB14-09.

(obache)

removed obsolated patche entries.

(obache)

Pullup tickets #4354, #4355 and #4360.

(tron)

Pullup ticket #4355 - requested by obache
wm/awesome: build fix

Revisions pulled up:
- wm/awesome/Makefile                                          1.48
- wm/awesome/distinfo                                          1.14
- wm/awesome/patches/patch-awesomeConfig.cmake                  1.3

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Sun Apr  6 05:46:14 UTC 2014

  Modified Files:
  pkgsrc/wm/awesome: Makefile distinfo
  pkgsrc/wm/awesome/patches: patch-awesomeConfig.cmake

  Log Message:
  Some clean up of packaging:
  * prevent to buildlink with pango, it will be loaded vir lua-gi.
  * add buildlink with libexecinfo, it is installed as a dependency of cmake
  now  and found by cmake. PR pkg/48717.
  * set prefix of libev more closely.

  Bump PKGREVISION from dependency update.

(tron)

Updated fonts/umefont-ttf to 0.462

(ryoon)

Update to 0.462

Status:
Unadjusted glyphs: Unicode 7a85-9398

(ryoon)

Updated www/apache-tomcat7 to 7.0.53

(ryoon)

Update to 7.0.53

* Fix CVE-2014-0050 and CVE-2013-4590,

Changelog:
Tomcat 7.0.53 (violetagg)

    Catalina

        add Make it easier for applications embedding and/or extending Tomcat to modify the javaseClassLoader attribute of the WebappClassLoader. (markt)
        fix Improve the robustness of web application undeployment based on some code analysis triggered by the report for 54315. (markt)
        fix 56219: Improve merging process for web.xml files to take account of the elements and attributes supported by the Servlet version of the merged file. (markt)
        fix 56190: The response should be closed (i.e. no further output is permitted) when a call to AsyncContext.complete() takes effect. (markt)
        fix 56236: Enable Tomcat to work with alternative Servlet and JSP API JARs that package the XML schemas in such as way as to require a dependency on the JSP API before enabling validation for web.xml. Tomcat has no such dependency. (markt)
        fix 56246: Fix NullPointerException in MemoryRealm when authenticating an unknown user. (markt)
        fix 56248: Allow the deployer to update an existing WAR file without undeploying the existing application if the update flag is set. This allows any existing custom context.xml for the application to be retained. To update an application and remove any existing context.xml simply undeploy the old version of the application before deploying the new version. (markt)
        fix Redefine the globalXsltFile initialisation parameter of the DefaultServlet as relative to CATALINA_BASE/conf or CATALINA_HOME/conf. Prevent user supplied XSLTs used by the DefaultServlet from defining external entities. (markt)
        add Add a work around for validating XML documents (often TLDs) that use just the file name to refer to refer to the JavaEE schema on which they are based. (markt)
        fix 56293: Cache resources loaded by the class loader from /META-INF/services/ for better performance for repeated look ups. (markt)

    Coyote

        fix 53119: Make sure the NIO AJP output buffer is cleared on any error to prevent any possible overflow if it is written to again before the connection is closed. This extends the original fix for the APR/native output buffer to the NIO connector. (kkolinko)
        fix 56172: Avoid possible request corruption when using the AJP NIO connector and a request is sent using more than one AJP message. Patch provided by Amund Elstad. (markt)
        fix 56213: Reduce garbage collection when the NIO connector is under heavy load. (markt)
        fix Improve processing of chuck size from chunked headers. Avoid overflow and use a bit shift instead of a multiplication as it is marginally faster. (markt/kkolinko)
        fix Fix possible overflow when parsing long values from a byte array. (markt)

    Jasper

        fix 54475: Add Java 8 support to SMAP generation for JSPs. Patch by Robbie Gibson. (markt)
        fix 55483: Improve handing of overloaded methods and constructors in expression language implementation. (markt)
        fix 56208: Restore the validateXml option to Jasper that was previously renamed validateTld. Both options are now supported. validateXml controls the validation of web.xml files when Jasper parses them and validateTld controls the validation of *.tld files when Jasper parses them. (markt)
        fix 56223: Throw an IllegalStateException if a call is made to ServletContext.setInitParameter() after the ServletContext has been initialized. (markt)
        fix 56265: Do not escape values of dynamic tag attributes containing EL expressions. (kkolinko)
        fix Make the default compiler source and target versions for JSPs Java 6 since Tomcat 7 requires Java 6 as a minimum. (markt)
        update 56283: Update to the Eclipse JDT Compiler P20140317-1600 which adds support for Java 8 syntax to JSPs. Add support for value "1.8" for the compilerSourceVM and compilerTargetVM options. (markt)

    WebSocket

        fix Avoid a possible deadlock when one thread is shutting down a connection while another thread is trying to write to it. (markt)
        fix Call onError if an exception is thrown calling onClose when closing a session. (remm)

    Web applications

        code In the documentation: add support for several documentation tags from Tomcat 8. Such as <version-major/>. (kkolinko)
        add 56093: Add the SSL Valve to the documentation web application. (markt)
        fix 56217: Improve readability by using left alignment for the table cell containing the request information on the Manager application status page. (markt)
        fix Fixed java.lang.NegativeArraySizeException when using "Expire sessions" command in the manager web application on a context where the session timeout is disabled. (kfujino)
        fix Add support for LAST_ACCESS_AT_START system property to Manager web application. (kfujino)
        fix Add definition of org.apache.catalina.ant.FindLeaksTask. (kfujino)
        fix 56273: If the Manager web application does not perform an operation because the web application is already being serviced, report an error rather than reporting success. (markt)
        fix 56304: Add a note to the documentation about not using WebSocket with BIO HTTP in production. (markt)

    Other

        fix 56143: Improve service.bat so that it can be launched from a non-UAC console. This includes using a single call to tomcat7.exe to install the Windows service rather than three calls, and using command line arguments instead of environment variables to pass the settings. (markt/kkolinko)
        fix Fix regression in 7.0.52: when using service.bat install to install the service the values for --StdOutput, --StdError options were passed as blank instead of "auto". (kkolinko)
        fix Align options between service.bat and exe Windows installer. For service.bat the changes are in --Classpath, --DisplayName, --StartPath, --StopPath. For exe installer the changes are in --JvmMs, --JvmMx options, which are now 128 Mb and 256 Mb respectively instead of being empty. Explicitly specify --LogPath path when uninstalling Windows service, avoiding default value for that option. (kkolinko)
        code Simplify Windows *.bat files: remove %OS% checks, as java 6 does not run on ancient non-NT operating systems. (kkolinko)
        fix 56137: Explicitly use the BIO connector in the SSL example in server.xml so it doesn't break if APR is enabled. (markt)
        fix 56139: Avoid a web application class loader leak in some unit tests when running on Windows. (markt)
        fix Correct build script to avoid building JARs with empty packages. (markt)
        add Allow to limit JUnit test run to a number of selected test case methods. (kkolinko)
        fix 56189: Remove used file cpappend.bat from the distribution. (markt)

Tomcat 7.0.52 (violetagg) released 2014-02-17

    Catalina

        fix Generate a valid root element for the effective web.xml for a web application for all supported versions of web.xml. (markt)

    Coyote

        code Pull up SocketWrapper to AbstractProcessor. (markt)
        fix In some circumstances asynchronous requests could time out too soon. (markt)

Tomcat 7.0.51 (violetagg) not released

    Catalina

        fix 55287: ServletContainerInitializer defined in the container may not be found. (markt/jboynes)
        fix 55855: Provide a per Context option (containerSciFilter) to exclude container SCIs. (markt)
        fix 55937: When deploying applications, treat a context path of /ROOT as equivalent to /. (markt)
        fix 55943: Improve the implementation of the class loader check that prevents web applications from trying to override J2SE implementation classes. As part of this fix, refactor the way a null parent class loader is handled which enables a number of null checks and object creation calls to be removed. (markt)
        fix 55958: Differentiate between foo.war the WAR file and foo.war the directory. (markt)
        fix 55960: Improve the single sign on (SSO) unit tests. Patch provided by Brian Burch. (markt)
        fix 55974: Retain order when reporting errors and warnings while parsing XML configuration files. (markt)
        fix 56013: Fix issue with SPNEGO authentication when using IBM JREs. IBM JREs only understand the option of infinite lifetime for Kerberos credentials. Based on a patch provided by Arunav Sanyal. (markt)
        fix 56016: When loading resources for XML schema validation, take account of the possibility that servlet-api.jar and jsp-api.jar may not be loaded by the same class loader. Patch by Juan Carlos Estibariz. (markt)
        fix 56025: When creating a WebSocket connection, always call ServerEndpointConfig.Configurator.getNegotiatedSubprotocol() and always create the EndPoint instance after calling ServerEndpointConfig.Configurator.modifyHandshake(). (markt)
        fix 56032: Ensure that the WebSocket connection is closed after an IO error or an interrupt while sending a WebSocket message. (markt)
        fix 56042: If a request in async mode has an error but has already been dispatched don't generate an error page in the ErrorReportValve so the dispatch target can handle it. (markt)
        fix Add missing javax.annotation.sql.* classes to annotations-api.jar. (markt)
        fix The type of logger attribute of Context MBean should be not org.apache.commons.logging.Log but org.apache.juli.logging.Log. (kfujino)
        fix 56082: Fix a concurrency bug in JULI's LogManager implementation. (markt)
        fix 56096: When the attribute rmiBindAddress of the JMX Remote Lifecycle Listener is specified it's value will be used when constructing the address of a JMX API connector server. Patch is provided by Jim Talbut. (violetagg)
        fix When environment entry with one and the same name is defined in the web deployment descriptor and with annotation then the one specified in the web deployment descriptor is with priority. (violetagg)
        fix Change default value of xmlBlockExternal attribute of Context. It is true now. (kkolinko)

    Coyote

        fix Avoid possible NPE if a content type is specified without a character set. (markt)
        fix 55956: Make the forwarded remote IP address available to the Connectors via a request attribute. (markt)
        fix 55976: Fix sendfile support for the HTTP NIO connector. (markt)
        fix 55996: Ensure Async requests timeout correctly when using the NIO HTTP connector. (markt)
        add 56021: Make it possible to use the Windows-MY key store with the BIO and NIO connectors for SSL configuration. It requires a keystoreFile="" keystoreType="Windows-My" to be set on the connector. Based on a patch provided by Asanka. (markt)

    Jasper

        fix Correct a regression in the XML refactoring that meant that errors in TLD files were swallowed. (markt)
        fix 55671: Correct typo in the log message for a wrong value of genStringAsCharArray init-param of JspServlet. This parameter had a different name in Tomcat 6. (kkolinko)
        fix 55973: Fix processing of XML schemas when validation is enabled in Jasper. (kkolinko)
        fix 56010: Don't throw an IllegalArgumentException when JspFactory.getPageContext is used with JspWriter.DEFAULT_BUFFER. Based on a patch by Eugene Chung. (markt)
        fix 56012: When using the extends attribute of the page directive do not import the super class if it is in an unnamed package as imports from unnamed packages are now explicitly illegal. (markt)
        fix 56029: A regression in the fix for 55198 meant that when EL containing a ternary expression was used in an attribute a compilation error would occur for some expressions. (markt)
        fix Correct several errors in jspxml Schema and DTD. (kkolinko)
        fix Change default value of the blockExternal attribute of JspC task. The default value is true. Add support for -no-blockExternal switch when JspC is run as a standalone application. (kkolinko)

    Cluster

        code Simplify the code of o.a.c.ha.tcp.SimpleTcpCluster.createManager(String). Remove unnecessary class cast. (kfujino)

    WebSocket

        fix Do not return an empty string for the Sec-WebSocket-Protocol HTTP header when no sub-protocol has been requested or no sub-protocol could be agreed as RFC6455 requires that no Sec-WebSocket-Protocol header is returned in this case. (markt)

    Web applications

        fix Add index.xhtml to the welcome files list for the examples web application. (kkolinko)
        fix Clarify that the connectionTimeout may also be used as the read timeout when reading a request body (if any) in the documentation web application. (markt)
        fix Clarify the behaviour of the maxConnections attribute for a connector in the documentation web application. (markt)
        fix 55888: Update the documentation web application to make it clearer that a Container may define no more than one Realm. (markt)
        fix 55956: Where available, displayed the forwarded remote IP address available on the status page of the Manager web application. (markt)
        fix Correct links to the Tomcat mailing lists in the ROOT web application. (kkolinko)
        fix In Manager web application improve handling of file upload errors. Display a message instead of error 500 page. Simplify parts handling code, as it is known that Tomcat takes care of them when recycling a request. (kkolinko)

    Extras

        fix 55166, 56045: Copy the XML schemas used for validation that are packaged in jsp-api.jar to servlet-api.jar so that an embedded Tomcat instance can start without Jasper being available. This also enables validation to work without Jasper being available. (markt/kkolinko)
        fix 56039: Enable the JmxRemoteLifecycleListener to work over SSL. Patch by esengstrom. (markt)

    Other

        fix 55743: Enable the stop script to work when the shutdown port is disabled and a PID file is defined. This is only available on platforms that use catalina.sh. (markt)
        fix 55986: When forcing Tomcat to stop via kill -9 $CATALINA_PID, the catalina.sh script could incorrectly report that Tomcat had not yet completely stopped when it had. Based on a patch by jess. (markt)
        fix Package correct license and notice files with embedded JARs. (markt)
        code Remove svn keywords (such as $Id) from source files and documentation. (kkolinko)
        fix Fix CVE-2014-0050, a denial of service with a malicious, malformed Content-Type header and multipart request processing. Fixed by merging latest code (r1565163) from Commons FileUpload. (markt)
        fix 56115: Expose the httpusecaches property of Ant's get task as some users may need to change the default. Based on a suggestion by Anthony. (markt)

Tomcat 7.0.50 (violetagg) released 2014-01-08

    Catalina

        fix Handle the case where a context.xml file is added to a web application deployed from a directory. Previously the file was ignored until Tomcat was restarted. Now (assuming automatic deployment is enabled) it will trigger a redeploy of the web application. (markt)
        fix Fix string comparison in HostConfig.setContextClass(). (kkolinko)
        code Streamline handling of WebSocket messages when no handler is configured for the message currently being received. (markt)
        fix Handle the case where a WebSocket annotation configures a message size limit larger than the default permitted by Tomcat. (markt)
        fix 55855: This is a partial fix that bypasses the relatively expensive check for a WebSocket upgrade request if no WebSocket endpoints have been registered. (markt)
        fix 55905: Prevent a NPE when web.xml references a taglib file that does not exist. Provide better error message. (violetagg)

    Coyote

        fix When using the BIO connector with an internal executor, do not display a warning that the executor has not shutdown as the default configuration for BIO connectors is not to wait. This is because threads in keep-alive connections cannot be interrupted and therefore the warning was nearly always displayed. (markt)

    Jasper

        fix JspC uses servlet context initialization parameters to pass configuration so ensure that the servlet context used supports initialization parameters. (markt)

    Cluster

        fix In AbstractReplicatedMap#finalize, remove rpcChannel from channel Listener of group channel before sending MapMessage.MSG_STOP message. This prevents that the node that sent the MapMessage.MSG_STOP by normal shutdown is added to member map again by ping at heartbeat thread in the node that received the MapMessage.MSG_STOP. (kfujino)
        fix Add time stamp to GET_ALL_SESSIONS message. (kfujino)

    Web applications

        fix Fix the sample configuration of StaticMembershipInterceptor in order to prevent warning log. uniqueId must be 16 bytes. (kfujino)

    Extras

        update Update dependencies that are used to build tomcat-juli extras component. Apache Avalon Framework is updated to version 4.1.5, Apache Log4J to version 1.2.17. (rjung)

Tomcat 7.0.49 (violetagg) not released

    Catalina

        fix Correct a regression in the new XML local resolver that triggered false failures when XML validation was configured. (markt)
        fix Prevent a NPE when destroying HTTP upgrade handler for WebSocket connections. (violetagg)

Tomcat 7.0.48 (violetagg) not released

    Catalina

        add 51294: Add support for unpacking WARs located outside of the Host's appBase in to the appBase. (markt)
        fix 55656: Configure the Digester to use the server class loader when parsing server.xml rather than the class loader that loaded StandardServer. Patch provided by Roberto Benedetti. (markt)
        fix 55664: Correctly handle JSR 356 WebSocket Encoder, Decoder and MessageHandler implementations that use a generic type such as Encoder.Text<List<String>>. Includes a test case by Niki Dokovski. (markt)
        fix Correctly handle WebSocket Encoders, Decoders and MessageHandlers that use arrays of generic types. (markt)
        fix 55681: Ensure that the WebSocket session is made available to MessageHandler method calls. (markt)
        fix Updated servlet spec version and documentation section-number reported when JAR files are rejected for containing a trigger class (e.g. javax.servlet.Servlet). (schultz)
        add Modify the WebSocket handshake process so that the user properties Map exposed by the ServerEndpointConfig during the call to Configurator.modifyHandshake() is unique to the connection rather than shared by all connections associated with the Endpoint. This allows for easier configuration of per connection properties from within modifyHandshake(). (markt)
        fix 55684: Log a warning but continue if the memory leak detection code is unable to access all threads to check for possible memory leaks when a web application is stopped. (markt)
        fix Define the web-fragment.xml in tomcat7-websocket.jar as a Servlet 3.0 web fragment rather than as a Servlet 3.1 web fragment. (markt)
        fix 55715: Add a per web application executor to the WebSocket implementation and use it for calling SendHandler.onResult() when there is a chance that the current thread also initiated the write. (markt)
        fix Prevent file descriptors leak and ensure that files are closed when configuring the web application. (violetagg)
        fix Fixed the name of the provider-configuration file located in tomcat7-websocket.jar!/META-INF/services that exposes information for javax.websocket.server.ServerEndpointConfig$Configurator implementation. (violetagg)
        fix 55760: Remove the unnecessary setting of the javax.security.auth.useSubjectCredsOnly system property in the SpnegoAuthenticator as in addition to it being unnecessary, it causes problems with using SPNEGO with IBM JDKs. Patch provided by Arunav Sanyal. (markt)
        fix 55772: Ensure that the request and response are recycled after an error during asynchronous processing. Includes a test case based on code contributed by Todd West. (markt)
        fix 55778: Add an option to the JNDI Realm to control the QOP used for the connection to the LDAP server after authentication when using SPNEGO with delegated credentials. This value is used to set the javax.security.sasl.qop environment property for the LDAP connection. (markt)
        fix 55798: Log an error if the MemoryUserDatabase is unable to find the specified user database file. (markt)
        fix 55799: Correctly enforce the restriction in JSR356 that no more than one data message may be sent to a remote WebSocket endpoint at a time. (markt)
        fix When Catalina parses TLD files, always use a namespace aware parser to be consistent with how Jasper parses TLD files. The tldNamespaceAware attribute of the Context is now ignored. (markt)
        fix Deprecate the tldNamespaceAware Context attribute as TLDs are always parsed with a namespace aware parser. (markt)
        fix Correct a logic error that meant that unpackWARs was ignored and the WAR was always expanded if a WAR failed to deploy. (markt)
        add Add support for defining copyXML on a per Context basis. (markt)
        fix Define the expected behaviour of the automatic deployment and align the implementation to that definition. (markt)
        add When running under a security manager, change the default value of the Host's deployXML attribute to false. (markt)
        add If a Host is configured with a value of false for deployXML, a web application has an embedded descriptor at META-INF/context.xml and no explicit descriptor has been defined for this application, do not allow the application to start. The reason for this is that the embedded descriptor may contain configuration necessary for secure operation such as a RemoteAddrValve. (markt)
        fix Prevent an NPE in the WebSocket ServerContainer when processing an HTTP session end event. (markt)
        add 55801: Add the ability to set a custom SSLContext to use for client wss connections. Patch provided by Maciej Lypik. (markt)
        fix 55804: If the GSSCredential for the cached Principal expires when using SPNEGO authentication, force a re-authentication. (markt)
        add 55811: If the main web.xml contains an empty absolute-ordering element and validation of web.xml is not enabled, skip parsing any web-fragment.xml files as the result is never used. (markt)
        fix 55839: Extend support for digest prefixes {MD5}, {SHA} and {SSHA} to all Realms rather than just the JNDIRealm. (markt)
        fix 55842: Ensure that if a larger than default response buffer is configured that the full buffer is used when a Servlet outputs via a Writer. (markt)
        fix 55851: Further fixes to enable SPNEGO authentication to work with IBM JDKs. Based on a patch by Arunav Sanyal. (markt)
        add Fix CVE-2013-4590: Add an option to the Context to control the blocking of XML external entities when parsing XML configuration files and enable this blocking by default when a security manager is used. The block is implemented via a custom resolver to enable the logging of any blocked entities. (markt)

    Coyote

        code Implement a number of small refactorings to the APR/native handler for upgraded HTTP connections. (markt)
        fix Fix an issue with upgraded HTTP connections over HTTPS (e.g. secure WebSocket) when using the APR/native connector that resulted in the unexpected closure of the connection. (markt)
        fix Ensure that the application class loader is used when calling the ReadListener and WriteListener methods when using non-blocking IO. A side effect of not doing this was that JNDI was not available when processing WebSocket events. (markt)
        add Make the time that the internal executor (if used) waits for request processing threads to terminate before continuing with the connector stop process configurable. (markt)
        fix 55749: Improve the error message when SSLEngine is disabled in the AprLifecycleListener and SSL is configured for an APR/native connector. (markt)
        add If a request that includes an Expect: 100-continue header receives anything other than a 2xx response, close the connection This protects against misbehaving clients that may not sent the request body in that case and send the next request instead. (markt)
        fix Improve the parsing of trailing headers in HTTP requests. (markt)

    Jasper

        fix 55735: Fix a regression caused by the fix to 55198. When processing JSP documents, attributes in XML elements that are template content should have their text xml-escaped, but output of EL expressions in them should not be escaped. (markt)
        fix 55807: The JSP compiler used a last modified time of -1 for TLDs in JARs expanded in to WEB-INF/classes (IDEs often do this expansion) when creating the dependency list for JSPs that used that TLD. This meant JSPs using that TLD were recompiled on every access. (markt)

    Cluster

        add Add log message that initialization of AbstractReplicatedMap has been completed. (kfujino)
        fix The logger of AbstractReplicatedMap should be non-static in order to enable logging of each application. Side-effects of this change is to throw RuntimeException in MapMessage#getKey() and getValue() instead of Null return and error log. (kfujino)
        code Simplify the code of DeltaManager#startInternal(). Reduce unnecessary nesting for acquisition of cluster instance. (kfujino)
        fix Remove unnecessary attributes of stateTransferCreateSendTime and receiverQueue from cluster manager template. These attributes should not be defined as a template. (kfujino)
        fix Fix MBean attribute definition of stateTransfered. The method name is not isStateTransfered() but getStateTransfered(). (kfujino)
        fix Correct stop failure log of cluster. Failure cause is not only Valve. (kfujino)
        fix Remove unnecessary sleep when sending session blocks on session sync phase. (kfujino)
        fix Expose stateTimestampDrop of org.apache.catalina.ha.session.DeltaManager via JMX. (kfujino)
        fix When the ping timeouted, make sure that memberDisappeared method is not called by specifying the members that has already been removed. (kfujino)
        add Add log message of session relocation when member disappeared. (kfujino)
        fix If ping message fails, prevent wrong timeout detection of normal member that is no failure members. (kfujino)

    Web applications

        add Add some documentation on the SSL configuration options for WebSocket clients. (markt)
        add Add to cluster document a description of notifyLifecycleListenerOnFailure and heartbeatBackgroundEnabled. (kfujino)
        fix Update the documentation with information for WebSocket 1.0 specification and javadoc. (violetagg)
        fix 55703: Clarify the role of the singleton attribute for JNDI resource factories. (markt)
        fix 55746: Add documentation on the allRolesMode to the CombinedRealm and LockOutRealm. Patch by C辿dric Couralet. (markt)
        add Expand the information on web applications that ship as part of Tomcat in the security how-to section of the documentation web application. (markt)
        fix Expand the description of the WebSocket buffers in the documentation web application to clarify their purpose. (markt)
        add Correct the documentation for Cluster manager. (kfujino)
        add Add information on how to configure integrated Windows authentication when Tomcat is running on a non-Windows host. (markt)

    Extras

        update Update commons-logging to version 1.1.3. (rjung)

    Other

        add 52323: Add support for the Cobertura code coverage tool when running the unit tests. Based on a patch by mhasko. (markt/kkolinko)
        update Update sample Eclipse IDE project. Explicitly use a Java 6 SE JDK. Exclude JSR356 WebSocket classes from build path, as they cannot be compiled with Java 6. (kkolinko)
        update Update the Eclipse compiler to 4.3.1. (kkolinko/markt)

(ryoon)

Pullup ticket #4360 - requested by obache
emulators/suse131_openssl: security update

Revisions pulled up:
- emulators/suse131_openssl/Makefile                            1.5
- emulators/suse131_openssl/distinfo                            1.5

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Tue Apr  8 14:46:39 UTC 2014

  Modified Files:
  pkgsrc/emulators/suse131_openssl: Makefile distinfo

  Log Message:
  Update to libopenssl1_0_0-1.0.1e-11.32.1 for CVE-2014-0160.

  Bump PKGREVISION.

(tron)

Pullup ticket #4354 - requested by obache
inputmethod/ibus: bug fix patch

Revisions pulled up:
- inputmethod/ibus/Makefile                                    1.36

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Sun Apr  6 01:49:12 UTC 2014

  Modified Files:
  pkgsrc/inputmethod/ibus: Makefile

  Log Message:
  fixes mis-handling of gtk3 immodule.

  Bump PKGREVISION.

(tron)

security fix for a2ps

(tez)

Add fix for CVE-2014-0466 from
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902

(tez)

Updated net/py-irclib to 8.5.4nb1

(imil)

Forgot a new dependency for py-irclib (lang/py-six)

(imil)

Updated net/py-irclib to 8.5.4

(imil)

Updated irclib to version 8.5.4

8.5.4

    Issue #32: Add logging around large DCC messages to facilitate
    troubleshooting.
    Issue #31: Fix error in connection wrapper for SSL example.

8.5.3

    Issue #28: Fix TypeError in version calculation in irc.bot CTCP version.

8.5.2

    Updated DCC send and receive scripts (Issue #27).

8.5.1

    Fix timestamp support in schedule.DelayedCommand construction.

8.5

    irc.client.NickMask is now a Unicode object on Python 2. Fixes issue
    reported in pull request #19.
    Issue #24: Added DCCConnection.send_bytes for transmitting binary data.
    privmsg remains to support transmitting text.

8.4

    Code base now runs natively on Python 2 and Python 3, but requires six to
    be installed.
    Issue #25: Rate-limiting has been updated to be finer grained (preventing
    bursts exceeding the limit following idle periods).

8.3.2

    Issue #22: Catch error in bot.py on NAMREPLY when nick is not in any visible
    channel.

8.3.1

    Fixed encoding errors in server on Python 3.

8.3

    Added a set_keepalive method to the ServerConnection. Sends a periodic PING
    message every indicated interval.

8.2

    Added support for throttling send_raw messages via the ServerConnection
    object. For example, on any connection object:

        connection.set_rate_limit(30)

    That would set the rate limit to 30 Hz (30 per second). Thanks to Jason Kendall for the suggestion and bug fixes.

8.1.2

    Fix typo in client.NickMask.

8.1.1

    Fix typo in bot.py.

8.1

    Issue #15: Added client support for ISUPPORT directives on server connections. Now, each ServerConnection has a features attribute which reflects the features supported by the server. See the docs for irc.features for details about the implementation.

8.0.1

    Issue #14: Fix errors when handlers of the same priority are added under Python 3. This also fixes the unintended behavior of allowing handlers of the same priority to compare as unequal.

8.0

This release brings several backward-incompatible changes to the scheduled commands.

    Refactored implementation of schedule classes. No longer do they override the datetime constructor, but now only provide suitable classmethods for construction in various forms.
    Removed backward-compatible references from irc.client.
    Remove 'arguments' parameter from scheduled commands.

Clients that reference the schedule classes from irc.client or that construct them from the basic constructor will need to update to use the new class methods:

- DelayedCommand -> DelayedCommand.after
- PeriodicCommand -> PeriodicCommand.after

Arguments may no longer be passed to the 'function' callback, but one is encouraged instead to use functools.partial to attach parameters to the callback. For example:

DelayedCommand.after(3, func, ('a', 10))

becomes:

func = functools.partial(func, 'a', 10)
DelayedCommand.after(3, func)

This mode puts less constraints on the both the handler and the caller. For example, a caller can now pass keyword arguments instead:

func = functools.partial(func, name='a', quantity=10)
DelayedCommand.after(3, func)

Readability, maintainability, and usability go up.
7.1.2

    Issue #13: TypeError on Python 3 when constructing PeriodicCommand (and thus execute_every).

7.1.1

    Fixed regression created in 7.0 where PeriodicCommandFixedDelay would only cause the first command to be scheduled, but not subsequent ones.

7.1

    Moved scheduled command classes to irc.schedule module. Kept references for backwards-compatibility.

7.0

    PeriodicCommand now raises a ValueError if it's created with a negative or zero delay (meaning all subsequent commands are immediately due). This fixes #12.

    Renamed the parameters to the IRC object. If you use a custom event loop and your code constructs the IRC object with keyword parameters, you will need to update your code to use the new names, so:

    IRC(fn_to_add_socket=adder, fn_to_remove_socket=remover, fn_to_add_timeout=timeout)

    becomes:

    IRC(on_connect=adder, on_disconnect=remover, on_schedule=timeout)

    If you don't use a custom event loop or you pass the parameters positionally, no change is necessary.

6.0.1

    Fixed some unhandled exceptions in server client connections when the client would disconnect in response to messages sent after select was called.

6.0

    Moved LineBuffer and DecodingLineBuffer from client to buffer module. Backward-compatible references have been kept for now.
    Removed daemon mode and log-to-file options for server.
    Miscellaneous bugfixes in server.

5.1.1

    Fix error in 2to3 conversion on irc/server.py (issue #11).

5.1

The IRC library is now licensed under the MIT license.

    Added irc/server.py, based on hircd by Ferry Boender.
    Added support for CAP command (pull request #10), thanks to Danneh Oaks.

5.0

Another backward-incompatible change. In irc 5.0, many of the unnecessary getter functions have been removed and replaced with simple attributes. This change addresses issue #2. In particular:

        Connection._get_socket() -> Connection.socket (including subclasses)
        Event.eventtype() -> Event.type
        Event.source() -> Event.source
        Event.target() -> Event.target
        Event.arguments() -> Event.arguments

The nm_to_* functions were removed. Instead, use the NickMask class attributes.

These deprecated function aliases were removed from irc.client:

- parse_nick_modes -> modes.parse_nick_modes
- parse_channel_modes -> modes.parse_channel_modes
- generated_events -> events.generated
- protocol_events -> events.protocol
- numeric_events -> events.numeric
- all_events -> events.all
- irc_lower -> strings.lower

Also, the parameter name when constructing an event was renamed from eventtype to simply type.
4.0

    Removed deprecated arguments to ServerConnection.connect. See notes on the 3.3 release on how to use the connect_factory parameter if your application requires ssl, ipv6, or other connection customization.

3.6.1

    Filter out disconnected sockets when processing input.

3.6

    Created two new exceptions in irc.client: MessageTooLong and InvalidCharacters.
    Use explicit exceptions instead of ValueError when sending data.

3.5

    SingleServerIRCBot now accepts keyword arguments which are passed through to the ServerConnection.connect method. One can use this to use SSL for connections:

    factory = irc.connection.Factory(wrapper=ssl.wrap_socket)
    bot = irc.bot.SingleServerIRCBot(..., connect_factory = factory)

(imil)

Updated emulators/suse131_openssl to 13.1nb4

(obache)

Update to libopenssl1_0_0-1.0.1e-11.32.1 for CVE-2014-0160.

Bump PKGREVISION.

(obache)

Note update of net-snmp to version 5.7.2.1.

(he)

Upgrade net-snmp to version 5.7.2.1.

Upstream changes:
  * 5.{5,6,7}.2.1 *
      snmpd:
        - SECURITY: a denial of service attack vector was discovered on
          the linux implementation of the ICMP-MIB.  This release fixes
          this bug and all users are encouraged to update their SNMP
          agent if they make use of the ICMP-MIB table objects.

Fixes CVE-2014-2284.

(he)

Fix configure portability and NetBSD builds, remove stale patch files.

(fhajny)

Updated devel/nasm to 2.11.02

(adam)

Changes 2.11.02:
* Add the XSAVEC, XSAVES and XRSTORS family instructions.
* Add the CLFLUSHOPT instruction.

(adam)

Updated print/acroread9 to 9.5.5nb2

(obache)

Update dependencies:
* compat module is not required.
* curl is bundled and it require libidn.
* allow suse-10.0 again.

(obache)

Pullup ticket #4359.

(tron)

Pullup ticket #4359 - requested by obache
security/openssl: security update

Revisions pulled up:
- security/openssl/Makefile                                    1.186-1.188
- security/openssl/distinfo                                    1.103-1.104
- security/openssl/patches/patch-Configure                      1.1
- security/openssl/patches/patch-Makefile.org                  1.1
- security/openssl/patches/patch-Makefile.shared                1.1
- security/openssl/patches/patch-aa                            deleted
- security/openssl/patches/patch-ac                            deleted
- security/openssl/patches/patch-ad                            deleted
- security/openssl/patches/patch-ae                            deleted
- security/openssl/patches/patch-af                            deleted
- security/openssl/patches/patch-ag                            deleted
- security/openssl/patches/patch-ak                            deleted
- security/openssl/patches/patch-apps_Makefile                  1.1
- security/openssl/patches/patch-config                        1.1
- security/openssl/patches/patch-crypto_bn_bn__prime.pl        1.1
- security/openssl/patches/patch-tools_Makefile                1.1

---
  Module Name: pkgsrc
  Committed By: he
  Date: Wed Apr  2 12:11:35 UTC 2014

  Modified Files:
  pkgsrc/security/openssl: Makefile distinfo
  Added Files:
  pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org
      patch-Makefile.shared patch-apps_Makefile patch-config
      patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c
      patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c
      patch-tools_Makefile
  Removed Files:
  pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae
      patch-af patch-ag patch-ak

  Log Message:
  Rename all remaining patch-?? files using the newer naming convention.

  Add a fix for CVE-2014-0076:

    Fix for the attack described in the paper "Recovering OpenSSL
    ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
    by Yuval Yarom and Naomi Benger. Details can be obtained from:
    http://eprint.iacr.org/2014/140

    Thanks to Yuval Yarom and Naomi Benger for discovering this
    flaw and to Yuval Yarom for supplying a fix.

  Fix from culled from
  http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f
  91e57d247d0fc667aef29

  Bump PKGREVISION.

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Tue Apr  8 02:48:38 UTC 2014

  Modified Files:
  pkgsrc/security/openssl: Makefile

  Log Message:
  p5-Perl4-CoreLibs is not required for perl<5.16

---
  Module Name: pkgsrc
  Committed By: obache
  Date: Tue Apr  8 06:20:44 UTC 2014

  Modified Files:
  pkgsrc/security/openssl: Makefile distinfo
  Removed Files:
  pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h
      patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c

  Log Message:
  Update openssl to 1.0.1g.
  (CVE-2014-0076 is already fixed in pkgsrc).

    OpenSSL CHANGES
    _______________

    Changes between 1.0.1f and 1.0.1g [7 Apr 2014]

    *) A missing bounds check in the handling of the TLS heartbeat extension
        can be used to reveal up to 64k of memory to a connected client or
        server.

        Thanks for Neel Mehta of Google Security for discovering this bug and
  to
        Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
        preparing the fix (CVE-2014-0160)
        [Adam Langley, Bodo Moeller]

    *) Fix for the attack described in the paper "Recovering OpenSSL
        ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
        by Yuval Yarom and Naomi Benger. Details can be obtained from:
        http://eprint.iacr.org/2014/140

        Thanks to Yuval Yarom and Naomi Benger for discovering this
        flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
        [Yuval Yarom and Naomi Benger]

    *) TLS pad extension: draft-agl-tls-padding-03

        Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the
        TLS client Hello record length value would otherwise be > 255 and
        less that 512 pad with a dummy extension containing zeroes so it
        is at least 512 bytes long.

        [Adam Langley, Steve Henson]

(tron)

Updated emulators/suse131_gtk2 to 13.1nb3

(obache)

Add libpangox, required by acroread9.

(obache)

tell the location of libidn module.

(obache)